[cap-talk] password capabilities & object capability model?
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Tue Aug 19 11:46:21 CDT 2008
David-Sarah Hopwood wrote:
> Rob Meijer wrote:
>> I am writing a proposal article for a linux centered magazine on the
>> subject of AppArmor & MinorFs and the access control model used and
>> enabled by MinorFs.
>>
>> Currently I talk about MinorFs as a 'capability based' system.
>> MinorFs in contrast with most recent capability based systems that
>> advocate to be 'object capability' systems, uses password capabilities.
>>
>> I am not sure if the term object capability system is the general modern
>> term for capability systems, or if password capability systems are
>> excluded by this term.
>
> An object-capability system supports authority confinement, which
> requires that the only way to delegate authority is over capability
> channels, not over data channels.
Hmm. I probably meant "... which requires that the only way to delegate
a permission is over capability channels ..." You can still proxy in an
object-capability system, of course.
> A capability system that represents capabilities as passwords that are
> globally valid (i.e. can be passed as data between protection domains
> and then used in the recipient domain) cannot support authority
> confinement in this sense, and so it should not be called an
> object-capability system.
--
David-Sarah Hopwood
More information about the cap-talk
mailing list